139.220.192.57

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Pacnet Business Solutions Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	TCP (SYN) 139.220.192.57:10792 -> port 22, len 48	2020-08-13 01:55:33
attackspambots	SSH break in attempt ...	2020-08-08 02:21:42
attack	firewall-block, port(s): 22/tcp	2020-07-22 05:24:07
attackbotsspam	TCP (SYN) 139.220.192.57:1046 -> port 22, len 48	2020-06-21 19:20:29
attackspambots	[portscan] tcp/22 [SSH] [scan/connect: 2 time(s)] *(RWIN=65535)(05131133)	2020-05-13 19:38:56
attack	[portscan] tcp/22 [SSH] *(RWIN=65535)(05110729)	2020-05-11 16:02:02
attack	04.05.2020 07:23:51 SSH access blocked by firewall	2020-05-04 17:53:36
attackspam	Port 22 (SSH) access denied	2020-05-01 01:33:42
attackspambots	18.03.2020 07:22:49 SSH access blocked by firewall	2020-03-18 16:59:09
attack	Multiport scan 1 ports : 22(x53)	2020-01-11 03:56:50
attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-12-25 03:35:03
attackbotsspam	firewall-block, port(s): 22/tcp	2019-12-03 01:50:16
attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-19 17:56:33
attackspam	firewall-block, port(s): 22/tcp	2019-11-16 00:14:04
attack	Scanning random ports - tries to find possible vulnerable services	2019-11-13 06:27:40
attack	05.11.2019 14:39:15 SSH access blocked by firewall	2019-11-06 00:49:50
attack	19.10.2019 03:54:58 SSH access blocked by firewall	2019-10-19 14:21:07
attack	07.09.2019 03:23:01 SSH access blocked by firewall	2019-09-07 12:54:08
attackbots	01.09.2019 07:31:41 SSH access blocked by firewall	2019-09-01 16:36:27
attack	Port Scan detected from 139.220.192.57 (CN/China/user.192.126.222.zhong-ren.net). 4 hits in the last 120 seconds	2019-08-29 22:53:29
attack	Port Scan detected from 139.220.192.57 (CN/China/user.192.126.222.zhong-ren.net). 4 hits in the last 241 seconds	2019-08-26 16:13:27
attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-08-09 07:12:06
attackbots	07.08.2019 11:01:29 SSH access blocked by firewall	2019-08-07 19:20:07
attackspambots	Probing for vulnerable services	2019-08-05 20:57:50
attack	Probing for vulnerable services	2019-07-07 05:55:12
attackbots	Port Scan detected from 139.220.192.57 (CN/China/user.192.126.222.zhong-ren.net). 4 hits in the last 180 seconds	2019-06-30 02:52:31

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.220.192.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46871
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.220.192.57.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019032802 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Mar 29 06:56:18 +08 2019
;; MSG SIZE  rcvd: 118

Host info

57.192.220.139.in-addr.arpa domain name pointer user.192.126.222.zhong-ren.net.

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
57.192.220.139.in-addr.arpa	name = user.192.126.222.zhong-ren.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
103.82.140.153	attack	Unauthorised access (Sep 24) SRC=103.82.140.153 LEN=40 TTL=242 ID=20239 TCP DPT=445 WINDOW=1024 SYN Unauthorised access (Sep 23) SRC=103.82.140.153 LEN=40 TTL=242 ID=53110 TCP DPT=1433 WINDOW=1024 SYN Unauthorised access (Sep 23) SRC=103.82.140.153 LEN=40 TTL=242 ID=28329 TCP DPT=445 WINDOW=1024 SYN	2020-09-24 19:05:22
209.17.96.178	attack	TCP port : 8443	2020-09-24 19:03:23
104.248.143.177	attackbots	(sshd) Failed SSH login from 104.248.143.177 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 24 07:16:29 server2 sshd[17898]: Invalid user ts3 from 104.248.143.177 Sep 24 07:16:29 server2 sshd[17898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.143.177 Sep 24 07:16:31 server2 sshd[17898]: Failed password for invalid user ts3 from 104.248.143.177 port 42204 ssh2 Sep 24 07:22:06 server2 sshd[27544]: Invalid user topgui from 104.248.143.177 Sep 24 07:22:06 server2 sshd[27544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.143.177	2020-09-24 19:36:05
212.119.48.48	attack	Sep 23 17:00:15 scw-focused-cartwright sshd[30818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.119.48.48 Sep 23 17:00:17 scw-focused-cartwright sshd[30818]: Failed password for invalid user pi from 212.119.48.48 port 50886 ssh2	2020-09-24 18:57:56
49.235.73.82	attackspam	2020-09-24T10:08:10.720265amanda2.illicoweb.com sshd\[30792\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.73.82 user=root 2020-09-24T10:08:12.160814amanda2.illicoweb.com sshd\[30792\]: Failed password for root from 49.235.73.82 port 48564 ssh2 2020-09-24T10:11:45.984054amanda2.illicoweb.com sshd\[30905\]: Invalid user gemma from 49.235.73.82 port 53696 2020-09-24T10:11:45.989691amanda2.illicoweb.com sshd\[30905\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.73.82 2020-09-24T10:11:47.279607amanda2.illicoweb.com sshd\[30905\]: Failed password for invalid user gemma from 49.235.73.82 port 53696 ssh2 ...	2020-09-24 19:14:10
52.167.235.81	attack	Sep 24 07:10:55 Tower sshd[9433]: Connection from 52.167.235.81 port 56057 on 192.168.10.220 port 22 rdomain "" Sep 24 07:10:55 Tower sshd[9433]: Failed password for root from 52.167.235.81 port 56057 ssh2 Sep 24 07:10:55 Tower sshd[9433]: Received disconnect from 52.167.235.81 port 56057:11: Client disconnecting normally [preauth] Sep 24 07:10:55 Tower sshd[9433]: Disconnected from authenticating user root 52.167.235.81 port 56057 [preauth]	2020-09-24 19:13:45
210.114.17.198	attackbots	Invalid user matlab from 210.114.17.198 port 51482	2020-09-24 19:34:42
104.248.45.204	attack	$f2bV_matches	2020-09-24 19:30:58
76.20.145.176	attackbotsspam	(sshd) Failed SSH login from 76.20.145.176 (US/United States/c-76-20-145-176.hsd1.mi.comcast.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 23 13:00:05 optimus sshd[21322]: Invalid user admin from 76.20.145.176 Sep 23 13:00:07 optimus sshd[21322]: Failed password for invalid user admin from 76.20.145.176 port 57708 ssh2 Sep 23 13:00:07 optimus sshd[21335]: Invalid user admin from 76.20.145.176 Sep 23 13:00:10 optimus sshd[21335]: Failed password for invalid user admin from 76.20.145.176 port 57785 ssh2 Sep 23 13:00:10 optimus sshd[21348]: Invalid user admin from 76.20.145.176	2020-09-24 19:06:09
45.89.173.204	attackbots	Sep 23 18:02:06 logopedia-1vcpu-1gb-nyc1-01 sshd[130431]: Failed password for root from 45.89.173.204 port 34548 ssh2 ...	2020-09-24 18:57:34
111.90.150.22	spam	U	2020-09-24 19:36:34
109.87.82.211	attackbotsspam	Sep 24 10:07:49 vps639187 sshd\[10725\]: Invalid user support from 109.87.82.211 port 40809 Sep 24 10:07:49 vps639187 sshd\[10725\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.87.82.211 Sep 24 10:07:51 vps639187 sshd\[10725\]: Failed password for invalid user support from 109.87.82.211 port 40809 ssh2 ...	2020-09-24 19:01:21
119.29.10.25	attackbots	Invalid user duser from 119.29.10.25 port 46147	2020-09-24 19:13:27
85.111.0.137	attackbots	firewall-block, port(s): 445/tcp	2020-09-24 19:12:07
118.70.170.120	attack	Brute%20Force%20SSH	2020-09-24 19:37:21

Recently Reported IPs

111.231.63.14	198.199.66.10	162.243.143.136	138.122.202.200
218.2.198.54	59.100.246.170	159.65.149.131	40.107.77.80
139.199.87.173	198.108.67.44	103.217.156.21	61.184.247.11
190.215.113.11	187.189.63.82	121.123.15.117	202.29.39.1
198.211.118.157	101.2.163.49	192.169.217.183	106.12.212.187